From ffd1238369a68fb0a10a6d5fc31ae6f166910713 Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith [Google LLC]" Date: Tue, 13 Nov 2018 17:18:50 -0800 Subject: [PATCH 1/3] Fix an out of bounds memory access. --- Objects/unicodeobject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c index b76db619ad7614..21d994cdd6b6f2 100644 --- a/Objects/unicodeobject.c +++ b/Objects/unicodeobject.c @@ -2950,7 +2950,7 @@ PyObject *PyUnicode_DecodeUnicodeEscape(const char *s, if (ucnhash_CAPI == NULL) goto ucnhashError; } - if (*s == '{') { + if (s < end && *s == '{') { const char *start = s+1; /* look for the closing brace */ while (*s != '}' && s < end) From f4b56e91439c142e0f372ce08e9f6acc7e17cc43 Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith [Google LLC]" Date: Tue, 13 Nov 2018 17:20:24 -0800 Subject: [PATCH 2/3] news entry --- .../Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst b/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst new file mode 100644 index 00000000000000..1fe9dd1d4baae1 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst @@ -0,0 +1,3 @@ +Fixed an out of bounds memory access when parsing a truncated unicode escape +sequence at the end of a string such as ``'\N'``. It would read one byte +beyond the end of the memory allocation. From 8d35bbefd04e51ee716716a50956369bb37a1abe Mon Sep 17 00:00:00 2001 From: "Gregory P. Smith" Date: Wed, 14 Nov 2018 09:09:52 -0800 Subject: [PATCH 3/3] add a u prefix, this is Python 2. --- .../Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst b/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst index 1fe9dd1d4baae1..91f6916ae19195 100644 --- a/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst +++ b/Misc/NEWS.d/next/Core and Builtins/2018-11-13-17-20-18.bpo-35214.AH2F87.rst @@ -1,3 +1,3 @@ Fixed an out of bounds memory access when parsing a truncated unicode escape -sequence at the end of a string such as ``'\N'``. It would read one byte +sequence at the end of a string such as ``u'\N'``. It would read one byte beyond the end of the memory allocation.